From nobody Tue Feb 18 17:12:01 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy5fn2hd0z5ntjF; Tue, 18 Feb 2025 17:12:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy5fn1SHCz3Cdj; Tue, 18 Feb 2025 17:12:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739898721; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1np2SfSGZhjHFsVtBi/v+4kx5y1UW4Bhh+0C8O0tPUU=; b=P8SvcQp5MMKoo/CGj3f78Y+nrfp1ZAlwsB1n0qkNMeURdyKpG3T8o+aU6iFrNm4Q+TQQ9g AE/vxmexLt6hrYH/2CGG1ldG9E0CM32vJiv6G8Hx56AcsTFYEk7mDyxl7mtk54g8Q4roIs KwOtJfAeLU6hiEtzRTN2mVURqu+f4xr86nbJEoI09cBiqfq1si+/2TTtYGFAo/sOKXY/HC lDolYL0yWJJFRqZgr6lBwBtmRU9SnWd6WONmooerPQJ1TnJRl1luKcra3iDnbsCO0vyVGM q9dWokGI+0jMpq/layiGlQ3xiQhA5SW0Z9PB4kofbSvbHBlUbU+gY1X2ONaDfg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739898721; a=rsa-sha256; cv=none; b=LYjz+3efb3Q5Jlj0Nay45EHAf7p5YQpuy9sYi7r74+o54E3NzbCwmjb7h4AWB3Y4tUD6mP OVVPgbKrgBfyP1pe4/KoZ0D2aMXNU27lEn201UJOAzGWIV92Plf8MaxT8JcqI9z1i0JPuC MKuzWp5vkkLHA97UjWPsSA7b/jKwMjBDlX8qb3ir47TbbkGgNuzFdmX95LNA2AFDZoRx4g h0Nripw2yoyZ/kr11JxgO3EtOdFZaOl1itmTEimRNngfRa1Ghp68cyHZRxR3Rw718W4qQ9 MsMO7GLufO86EpOGrEr12hE24IfvJY7Tzp0XGaoggpLe3cLLSe0AYlUcHOWJSQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739898721; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1np2SfSGZhjHFsVtBi/v+4kx5y1UW4Bhh+0C8O0tPUU=; b=l3zZnQwYkF7l45CB0TouQwcOobNwsaxjKABoxzUAYL0M2dLMxOmF0eiXo2j2cFfNVWybmo CdEQbH+WRCv9pYwWZkOh+TysNvXHgiOVO6SPg0fNa6LtYcjh6R9+1529bG/g3s03WixA0/ kRqxPJNkp7gyj6vtV+43Qj4JWfxVpiSbcphV/j/SHdtPDO1XaNoEfYdJ2NaRh6qJIGEgbP KtFrAk/h3kxHMcYhbpB1Of0HWTGg0f2GrKrpF5/SdDNpahChL5JxPOceVpaVhLJNksIznW FMMB5BYifC1xVY8rnrxZnWU/YP8qll+yGujpM+G24ewYOeEQXfc1lxxFyMeTUg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy5fn0sCTzCgP; Tue, 18 Feb 2025 17:12:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IHC1lJ064634; Tue, 18 Feb 2025 17:12:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IHC1b1064631; Tue, 18 Feb 2025 17:12:01 GMT (envelope-from git) Date: Tue, 18 Feb 2025 17:12:01 GMT Message-Id: <202502181712.51IHC1b1064631@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Cy Schubert Subject: git: 521f66715afb - main - ntpd: Use the ntpd -u option in preference to the rc su plumbing List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 521f66715afb312b356afafc68cbc044a436a753 Auto-Submitted: auto-generated The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=521f66715afb312b356afafc68cbc044a436a753 commit 521f66715afb312b356afafc68cbc044a436a753 Author: Cy Schubert AuthorDate: 2024-12-12 20:03:09 +0000 Commit: Cy Schubert CommitDate: 2025-02-18 17:11:38 +0000 ntpd: Use the ntpd -u option in preference to the rc su plumbing Using the rc plumbing to setuid(2) is preferred as it allows the user to use the -i option in ntpd_flags to chroot ntpd. Chrooting ntpd by default will be a 2025 project. MFC after: 1 week Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D48191 --- libexec/rc/rc.d/ntpd | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd index e7e42da8acc7..8babda09455c 100755 --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -101,7 +101,6 @@ ntpd_precmd() # by the admin, we don't add the option. If the file exists in the old # default location we use that, else we use the new default location. if can_run_nonroot; then - _user="ntpd" driftopt="-f ${_ntp_default_driftfile}" elif grep -q "^[ \t]*driftfile" "${ntpd_config}" || [ -n "${rc_flags}" ] && @@ -115,7 +114,13 @@ ntpd_precmd() fi # Set command_args based on the various config vars. - command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}" + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt} -u ${ntpd_user:=ntpd:ntpd}" + + # Unset ntpd_user because rc.subr uses $${name}_user to determine + # whether to invoke su(1) to setuid() to $ntpd_user for us. We want + # ntpd to do the setuid() itself through the -u argument, above. + unset ntpd_user + if checkyesno ntpd_sync_on_start; then command_args="${command_args} -g" fi